NV: Nessus vulnerability visualization for the web

Authors:
Lane Harrison;Riley Spahn;Mike Iannacone;Evan Downing;John R. Goodall
Affiliations:
Oak Ridge National Laboratory, Oak Ridge TN;Oak Ridge National Laboratory, Oak Ridge TN;Oak Ridge National Laboratory, Oak Ridge TN;Oak Ridge National Laboratory, Oak Ridge TN;Oak Ridge National Laboratory, Oak Ridge TN
Venue:
Proceedings of the Ninth International Symposium on Visualization for Cyber Security
Year:
2012

Citing 10
Cited 0

Tree visualization with tree-maps: 2-d space-filling approach

ACM Transactions on Graphics (TOG)
Scalable, graph-based network vulnerability analysis

Proceedings of the 9th ACM conference on Computer and communications security
I know my network: collaboration and expertise in intrusion detection

CSCW '04 Proceedings of the 2004 ACM conference on Computer supported cooperative work
MulVAL: a logic-based network security analyzer

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Wireless Cyber Assets Discovery Visualization

VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
Advances in Topological Vulnerability Analysis

CATCH '09 Proceedings of the 2009 Cybersecurity Applications & Technology Conference for Homeland Security
Visualizing attack graphs, reachability, and trust relationships with NAVIGATOR

Proceedings of the Seventh International Symposium on Visualization for Cyber Security
Visual analysis of code security

Proceedings of the Seventh International Symposium on Visualization for Cyber Security
Nimble cybersecurity incident management through visualization and defensible recommendations

Proceedings of the Seventh International Symposium on Visualization for Cyber Security
D3 Data-Driven Documents

IEEE Transactions on Visualization and Computer Graphics

Quantified Score

Hi-index	0.00

Visualization

Abstract

Network vulnerability is a critical component of network security. Yet vulnerability analysis has received relatively little attention from the security visualization community. This paper describes nv, a web-based Nessus vulnerability visualization. Nv utilizes treemaps and linked histograms to allow security analysts and systems administrators to discover, analyze, and manage vulnerabilities on their networks. In addition to visualizing single Nessus scans, nv supports the analysis of sequential scans by showing which vulnerabilities have been fixed, remain open, or are newly discovered. Nv operates completely in-browser, to avoid sending sensitive data to outside servers. We discuss the design of nv, as well as provide case studies demonstrating vulnerability analysis workflows which include a multiple-node testbed and data from the 2011 VAST Challenge.